How Windows Update Keeps Itself Up-to-Date

There have been some questions raised about how we service the Windows Update components and concerns expressed about software installing silently. I want to clarify the issue so that everyone can better understand why the self-updating of Windows Update acts the way it does.

So first some background:Windows Update is designed to help our consumer and small business customers (customers without an IT staff) keep their systems up-to-date.To do this, Windows Update provides different updating options: 1) Install updates automatically, 2) Download updates but let me choose whether to install them, 3) Check for updates but let me choose whether to download and install them, and 4) Never check for updates.Our goal is to automate the process wherever possible so that we can increase the likelihood of a system being secure and up-to-date, while giving customers the flexibility to control how and whether updates are installed. The reasons for this are both philosophical and practical.Philosophically, Microsoft believes that users should remain in control of their computer experience.Practically, customers have told us that they want to have time to evaluate our updates before they install them.That said, and to the benefit of both customers and the IT ecosystem, most customers choose to automate the updating experience.

So what is happening here? Windows Update is a service that primarily delivers updates to Windows. To ensure on-going service reliability and operation, we must also update and enhance the Windows Update service itself, including its client side software.These upgrades are important if we are to maintain the quality of the service.

Of course, for enterprise customers who use Windows Server Update Services (WSUS) or Systems Management Server (SMS), all updating (including the WU client) is controlled by the network administrator, who has authority over the download and install experience.

One question we have been asked is why do we update the client code for Windows Update automatically if the customer did not opt into automatically installing updates without further notice?The answer is simple: any user who chooses to use Windows Update either expected updates to be installed or to at least be notified that updates were available.Had we failed to update the service automatically, users would not have been able to successfully check for updates and, in turn, users would not have had updates installed automatically or received expected notifications.That result would not only fail to meet customer expectations but even worse, that result would lead users to believe that they were secure even though there was no installation and/or notification of upgrades.To avoid creating such a false impression, the Windows Update client is configured to automatically check for updates anytime a system uses the WU service, independentof the selected settings for handling updates (for example, “check for updates but let me choose whether to download or install them”).This has been the case since we introduced the automatic update feature in Windows XP.In fact, WU has auto-updated itself many times in the past.

The point of this explanation is not to suggest that we were as transparent as we could have been; to the contrary, people have told us that we should have been clearer on how Windows Update behaves when it updates itself. This is helpful and important feedback, and we are now looking at the best way to clarify WU’s behavior to customers so that they can more clearly understand how WU works.At the same time, however, we wanted to explain the rationale for the product’s behavior so our customers know what the service is doing:WU updates itself to make sure it continues to work properly.We are also confident that the choice to use Automatic Updating continues to be the right choice.

Before closing, I would like to address another misconception that I have seen publically reported. WU does not automatically update itself when Automatic Updates is turned off, this only happens when the customer is using WU to automatically install upgrades or to be notified of updates.

Providing and maintaining the WU service is important to enable us to service our customers and help them maintain safe, more secure and reliable computers.We take this responsibility very seriously and we are proud of the impact that Windows Update has had to help users with safety security and reliability over the years. Updating the client has been and remains a critical piece to this approach.

We appreciate the feedback and I hope that this post helps you to understand the situation and our strategy.

1. "Risk of no automatic updates detection occuring and being left vulnerable cause ya just didnt know V.S bad WUA patch being applied."

That’s a false argument. There will be a notification, saying that a necessary update to Windows Update is available. I don’t see how that’s any different or more dangerous than a notification that a given security patch is available.

2. It doesn’t have to be a false Microsoft patch (although all it takes is one stolen certificate for that to be a possibility), Microsoft has proven that it’s not infallible when it comes to patch distribution. Again, I point you to KB937061, available RIGHT NOW on Windows Update. If I didn’t have "inform me" turned on, it would be constantly reinstalling on my system.

Do you really think it’s impossible for Microsoft to send out a Windows Update update that completely breaks Windows Update on a small percentage of systems? I think such a scenario is completely possible.

4. Explaining it away AFTER the subterfuge is detected, and acting like they did nothing wrong when they explicitly didn’t follow user requests, is not an acceptable answer. Microsoft is trying to do the *easy thing* in terms of disclosure from their point of view, not the *right thing* for their users.

The *right thing* is to FIX THE BUG that prevents the "notify me before installing updates" feature from working as expected. Failing that, I at least expect an accurate description for the behavior in the next service pack.

This is BS. You could make the updater notifying the user that it needs updating itself before it can update the rest of the system. Stop intruding our privacy ok? Its enough that we have to deal with the rest of the OS;s crap. WTF are you CIA? FBI? are you controlled by them? What other spying capabilities have you built in the OS?

• Linux’s Free System Is Now Easier to Use, But Not for Everyone — Mossberg reviews Ubuntu. • Support journalism at its source — Jeff Jarvis: Wire stories should link to original stories. • Apple iPod touch Full Review –…

My point is that system files were changed without my authorization or notification. That is hacking, which I believe is illegal. The PR story above isn’t good enough explanation of why Microsoft had to do it behind EVERYONE’S back, deceitfully. Obviously it is deceitful since even the event log entry doesn’t list any kb article.

I work for a Gov’t agency and the elected officials I have to manage networks for are fearful about everything that might possibly compromise their security.

Now the story is out that Microsoft changed files on their systems even when I have update servers running and didn’t approve the updates. I then have to explain that Microsoft did it without notifying anyone.

I promised you more information about this brouhaha. So, I’ve been on the horn with some of my contacts at Microsoft. Specifically those that are authoritative on this recent issue about Microsoft updating files on your systems even if you’ve opted out

If JonDewar’s arguments were valid I would have already switched the rest of my systems to Linux.

I borrow books from the library; does that give the librarian a right to enter my home at will and rearrange the books I’ve borrowed – or remove the next six pages I’m about to read?

If I borrow a concrete mixer from the local "rent-a-center", does that give the mixer’s true owner the right to interrupt a concrete pour I’m doing for several hours in order to perform routine maintenance, putting me to the expensive of tearing up the and replacing the half-poured floor?

I believe that when you purchase the usage rights to any product any court in the land would uphold the argument that the buyer should reasonably be able to expect that the company that owns the property rights to that product will notify you of any changes it wishes to make and at a minimum give you the option to stop using that product if you do not wish the modification to take place.

If they don’t, you could reasonably expect various and sundry lawsuits to award various and sundry true and punitive damages if the customer should suffer harm resulting from the uninvited actions.

i have been using Microsoft products since DOS and i have all ways taken up for you but this just sucks.

you have no right to update anything in my computer with out me saying you can.

i have windows update blocked in my firewall and it will stay that way. the only reason i have not disabled the service is because the update website will not work when it is disabled.

you have lost my trust and the B/S you just tried to spill telling us this is how it has all ways been and theres no other way to do it besides going behind our backs’ to me this is you showing me how stupid you think we are.

i will continue to use windows but like i said you have lost my trust. and from reading this it just seem you don’t care.

With all due respect, it’s a steaming load of marketing drivel that you have to force an update or users will never be notified of updated again.

Users could be notified that updates are available, specifically, the WU update. They might not receive notifications of other updates, but so what?

The situation I am describing is *exactly* the same thing as happens with a out of the box XP SP2 install, you see a WU update available and nothing more. Once you install WU, you see the dozens of other updates available. Works great in theory, and in practice.

There is absolutely no excuse for updating executable code on a customer’s machine when the customer has selected a choice of "but let me choose whether to install them". Period. Full stop. No exceptions.

Personally, I hope this hits the justice department and/or a class action lawsuit to punctuate the importance of giving users control over their own computers.

Worse, a lot of us IT geeks have been working very hard at getting paranoid end users to pick the "Check for updates" or "Download updates" options rather then "Never check" for users who want to feel in control of their machine. I finally won my dad over a couple months ago, until then he would just hit WU manually when it occurred to him (every six months or so, on average)

I can guarantee he will probably never choose anything other then "Never check" because of this little episode, and I also don’t really feel the need to try to change his mind either.

For my part, I’m behind a WSUS server, so I don’t have to personally deal with this yet, but it does make me wonder if there isn’t a flag somewhere in an update that will preapprove updates on a WSUS server too — I’m not far from turning off automatic synchronization and just synchronizing when I happen to remember and have time to observe the results.

Why did you shutdown Autopatcher ??? Why don’t you buy them out or maybe begin something like it out of your own stable????

Put yourself in the client/users shoes and realize that not everyone in the world has Broadband or fast internet to connect to Windows Update site. Some actually needs the offline update facility it’s their only way of updating.

Don’t pat yourself on the back too much, Nate. Remember that the majority of Windows Updates are critical and security patches for BUGS IN EXISTING CODE.

In other words, Windows Update is so damn useful because Microsoft ships buggy code to start with. Code that allows malware to do considerable damage if it weren’t for the debugging efforts and WU.

Actually, I like how Windows Update works, for the most part. It is better than Adobe’s updater and much better than InstallShield Updates. And lets face it, even the open-source FireFox needs updates every month or so (it just reminded me again today!)

And I do like WSUS. I wish Adobe and others would just let MS distribute patches for them. It’s been done before, remember that Macromedia Flash update that came from Windows Update in 2006?

But remember that Windows Update is a necessary evil to compensate for poor software quality.

My main problem with this automatic update behavior is that it reboots automatically, causing loss of state. Note that other updates let me decide when to reboot, while this one rebooted itself after a few minutes.

I suggest that MS change the behavior of these forced updates such that they wait for user input before rebooting.

(Of course the more general problem to be fixed is that these updates shouldn’t require a reboot in the first place.)

hi i’m lucky it didnt affect my vista computers except by installing every update since march 07 for me. I contacted MS 1-800-642-7676 and letting them now my concerns about how illegal this is .its my computer not theirs and if mine crashes whos going to pay for it repairs(not MS), so dont wast your time. but i did learn how to shut auto updates off further.

The title of this post could very well have been: Microsoft still doesn’t get it.

It is COMPLETY and unequivocally unacceptable to modify anything on any computer without the owners expressed knowledge and explicit consent. This is not difficult. This is not a grey area.

Microsoft must not permit this to happen again. Microsoft must apologize to the computing population. Microsoft should be fined within an inch of existence for this offense and I am not speaking of modifying files without consent . . . but for allowing a mechanism to exist that can do so.

At least now I know why Windows Update fu**ed up all my games on Vista. Ever played a game online and had TrustedInstaller.exe pop up with 90% CPU power while you set WU to 3am and you’re gaming at 7pm?

This really does not help, Microsoft. If you really want to bring Vista to a bigger gaming audience, you better not only concentrate on "gaming for windows" but consider making a windows that plays fine with games.

everybody is spying on us nowdays. we are a bunch of idiots with money to spend. we are target groups. so they will not stop. $$$. Thats it.

in addition to this Vista is c-r-a-p. Out of curiosity why it takes 30+ seconds to Cancel a file copy over wifi? Canceling, Canceling, Canceling….. Its a new dual core machine with a fresh copy of windows. Productivity is taken 50 years back.

As a long-time Windows user (and probably for the rest of my life unless Microsoft folds), I really couldn’t care less about this issue. It seems to me that like most anti-Microsoft tirades these days, the heart of the matter is the general public’s paranoia of "big brother."

I think the argument that "this is my computer, you can’t change stuff on it," is completely bogus. Why? Well, for one, when you shelled out cash for Windows at your local Wal-Mart you weren’t paying for the actual operating system. You were paying for the RIGHT to USE the operating system. Which means the files and data contained therein still belong to Microsoft no matter where they are. Microsoft has a right as the legal owner of the files used by Windows on your computer to update them whenever it sees fit. I mean, after all if you let your friend borrow your TV, you’d use your ownership of said TV to go and mess with it whenever you feel like it right? Right.

The expectation that users have for Microsoft to be perfect is illogical. Microsoft is owned, run, and operated by HUMAN BEINGS. As we all know, we’re not perfect. How many mistakes did YOU make today? So, a single line of code in an update brought your big project a day behind schedule. So what? Are the dollars signs in your CEO’s eyes really what should be controlling your life?

In short, this (and all other anti-Microsoft tirades) just wreaks of greed, impatience, and good old fashioned officiousness.

Imagine this. You turn on your computer and, unbeknownst to you, someone starts changing your files. Ok, so maybe it’s not so tough to imagine these days with all of the viruses, trojans, and hackers out there. But what if the files were

I think the WU service is a good service and should be able to update your system IF you have allowed this service. What I do NOT agree with is WU secretly updated your system when you have specifically blocked this service. That is Illegal.

Firstly regarding the argument that WU had no choice but to update itself without the users consent because otherwise users could not use the update service in the future is an absolute load of rubbish. To give readers an insight here, I just recently installed Vista for a friend. I went to the update service to look for available updates and the first and only one available to me claimed it was needed to update the WU service so that future updates could be installed. Now tell me this, if WU has asked for permission to update itself in this instance; then why was it not possible at the above mentioned instances?

I will tell you why, because MS thought they could get away with it. Well MS got caught with its pants down this time…and should be prosecuted!

I wonder what happens in the case of industrial espionage? How can a company know that Microsoft or a "partner" is not stealling sensitive information? If it can change files at will then it can probably do anything? Correct me if Im making a wrong assumption.

Not good enough. Forget the marketing spin, what you should be doing is very simple:

1) No software should be installed without asking the user. No exceptions, ever, not even for ‘good reasons’, or if the machine is part of a botnet, or not up to date.

2) No software should be remotely disabled for any reason. No exceptions. Not even if the software is ‘pirated’ as Microsoft have repeatedly misidentified genuine software; the fact the percentage of users affected was small does not improve matters.

Microsoft may be confident about their decision, but they are also *WRONG*. No-one except the maintainer of the machine knows the impact a software update may have.

Please confirm that in a WSUS environment client PCs will never auto upgrade WU components without administrative action.

Thanks for the attempt at clearing things up, yet still you seem to miss the crucial aspect of this issue. you cite the reason

"Had we failed to update the service automatically, users would not have been able to successfully check for updates and, in turn, users would not have had updates … That result would not only [FAIL] to meet customer expectations but even worse, that result would lead users to believe that they were secure even though there was no installation and/or notification of upgrades"

So you are telling me that there is no possible way to notify people before the update, maybe in the form of a pre-update stating that windows update will be updated automatically.

The point is not what you fixed or why you updated, the point is the method in which you went about doing it.

You believe that sneakily updating your system is meeting customer expectations??

" In fact, WU has auto-updated itself many times in the past."

Thanks for that, just curious how many other windows files have been secretly updated in the past?

A letter of apology is required on this issue I believe, not only have you lost the trust of everyone using your OS, but you still have not apologized only justified. Intrusion into MY computer in an unacceptable practice.

"One question we have been asked is why do we update the client code for Windows Update automatically if the customer did not opt into automatically installing updates without further notice? The answer is simple: any user who chooses to use Windows Update either expected updates to be installed or to at least be notified that updates were available."

Sorry, but by your own words, the user asked to be notified about updates, this should and does included updates to the Windows Update Services.

When I visit the update website I am prompted to update them if out of date… Why do you think this is any different?

If this update for the Automatic Updates client is so impotant, why isn’t it available from WSUS?

You might say that the protocol used by WSUS did not change so therefore this silent update is not necessary.

But what happens if I decide to unconfigure a WinXP box to obtain updates from MS instead of my WSUS server. Since this silent AU update is not available from WSUS, it was not installed on any of my computers as long as they were connected to my WSUS server. So what happens? Does the AU client break immediately?

If Windows Update can still distribute the silent update to any system that needs it in the future, why does it need to be silent today?

I understand people want fewer choices, just like the dude who is asking for Windows Defneder updates to be installed automatically. I also understand that most people don’t have the tech knowledge to make the right choice – which is why WinXP SP2 defaults to enabling the firewall.

But YOU must also understand that SOME of us have unique requirements. When we say "notify before installing" we actually want to be notified. You might think that nobody would notice if their computers rebooted at 3am, but you know what, SOME of us have long-running tasks and WE do care! Likewise, some of us do need to monitor what’s happening in detail on our systems and when we say to be notified, we actually mean it.

In the end, though, I’m not all that mad because I always suspected MS has a way to silently install software over the ‘net. This is just one example, I’m sure.

And if anyone thinks other companies are any better, think again. e.g., I’m sure Apple has the capability to update anyone’s iPhone without their consent. They probably won’t use it unless they think they have to – like what MS has done here.

For those of you who actually thought MS was completely truthworthy… shame on you. :=)

well, microsoft is nothing else the boring. My computer is my computer and YOU HAVE ABSOLUTELY NOTHING TO DO BEHIND ME. but forget it. as more windows we got – as more problems we got. I still do my best jobs on win 95 and win 98 without internet (NEVER SELL A RUNNING HORSE). I heared those lies since 1985 – buy the next version and you will be out of problems. XP is for internet only now. Vista will never see me. BUT THE INTERNET WILL GO IN FUTURE OVER LINUX. I passed hundreds of nights and thousends of hours to fix bullshits on dos- and windows-systems the last 20 years. I’m just tired of you liers and spiers. for me it was all the time clear, that you spy behind the customers. on the view back: THE LIFE WITHOUT MICROSOFT WAS A BETTER LIFE. I was there and I want go there again….

Did you read any of the product documentation? Did you ever ask the question of what each of those options meant? Perhaps you blame the credit card company for your 19% interest rate when you applied for the card yourself. Other software is updating itself on your computer (Adobe, A/V software), but not sure you’d spend 5 mins whining about their updates…

The smart guys over at Windows Secrets have as usual been doing some spelunking and they discovered this week that Windows Update in Windows XP and Vista recently updated some files without telling the user. Of course, the files are executables used b..

I have two related problems with Windows Update. If either one were solved, it would be a big help.

1. I want Windows Defender updates installed automatically. These are sometimes very frequent and there is nothing to decide.

2. I do not want the risk that my PC might reboot itself in the middle of the night while automatically installing updates. I have had to switch off automatic updates because of this, but now have to install Defender updates manually.

The best answer would be another update option: "install updates automatically but prompt me to reboot". The next best would be "install Defender updates automatically but prompt me for everything else".

Thanks for the explanation. I am as quick as anyone to question the motives of any company (or individual for that matter) and in this case it really seems to me that some folks are up in arms over this issue with little cause.

Please, do tell me, how "Check for updates but let me choose whether to download and install them" means the same thing as "Ask me for some updates, but silently install others"?

How is this any different from spyware? Installed without my permission and against my *explicit* actions. Do you guys enjoy getting sued, cause that’s what should happen after something like this.

Because of Microsoft’s actions, I have no choice but to completely disable WU on all of my computers. I cannot trust Microsoft anymore it if decides to pull this crap. Congrats on making the internet less safer.

And as to the whole "WU won’t work if WU isn’t automatically updated," to paraphrase Stephen Colbert, that’s the Dumbest F#?king Thing I’ve Ever Heard. If WU can’t function with multiple versions, that’s a BUG in your software.

The WU update client automatically updates itself automatically when using WU for a good reason according to Microsoft, but they won’t tell you why. The reason is to check the system for reportedly pirated keys and then disallowing you to update your system.

This does not surprise me coming from MS at all. But then I can’t say that I have been caught with my pants down either. Windows runs as a virtual machine on one or more of my l*i*n*u*x boxes. I turn it on when I need something. I turn it off the rest of the time. ( XPS2, no updates allowed, period ). Any updates, I blow away the virtual machine and reinstall the image from back-up.

What does this mean, I trust Microsoft 0%.

As far as I am concerned Windows is a QUARANTINE OS for me and

will stay there for the foreseeable future.

They are like a crooked mechanic, give them a chance to get under the hood of your car, and prepare to pay.

Thanks for the explanation. I am as quick as anyone to question the motives of any company (or individual for that matter) and in this case it really seems to me that some folks are up in arms over this issue with little cause.

No software is perfect but I have been very impressed with XP and auto updates. I appreciate the ability to keep my system updated with little effort on my part and take advantage of most automatic update style features for XP, and also for other OSes and applications. In my opinion the small risk of getting a bad update is vastly outweighed by the risk of being behind the curve, since most updates improve stability or security.

This is simply not satisfactory and how this can also be exploited by a malicious user is another concern that we must deal with. It appears that Microsoft has clearly abused its market dominance here and implemented something that is clearly to the disadvantage of consumers

My views have been well expressed here by the majority of others; I would just like to add another voice to the crowd now dealing with the hassle of having updates completely disabled and my firewall configured not to let it in or out without a notification that I know I’ll get.

Beyond that, I don’t think that Ubuntu disk on my desk will be collecting dust much longer….

I really hope that you will soon realize how important users’ trust is to you and that going over their heads about things they’ve specifically asked to be passed under their noses is a very good way to lose it.

Nate Clinton wrote: "Of course, for enterprise customers who use Windows Server Update Services (WSUS) or Systems Management Server (SMS), all updating (including the WU client) is controlled by the network administrator, who has authority over the download and install experience."

This is not true. We had several thousand clients, using WSUS, that were updated automatically to the WSUS 3.0 client without any notice. The worst thing about this is that the AU client behavior changed as well so we had a large number of clients strted to roboot after they where patched without any notice to the users. We are now promised that this will be changed in the next AU client that comes with WSUS SP1.

Thanx for the great PR job promoting Linux. Your contribution made it clear to every security conscious person why it is really necessary to throw out Windows and use Linux. Your post is worth many million marketing dollars for the Linux community.

Is there anyway to tell what updates are being done during shutdown? I have an XP Media system that seems to be running the same single updated everytime I power down, so I suspect the update is hung, but I have been unable to find any info on how to track down the culprit, or to find out how to remove the update or even find out which one is causing the problem, since running update manually when powered up seems to go just fine. It would be nice if the shutdown or updater created a log file one could look at to see if it was having problems and creating error messages one could then take action on.

I get this notification from windows update that it can’t check for updates. I open it, I click on check for updates and then it says that windows update has to update itself. It says that "to check for updates, you must first install an update for Windows Update….". It notes and windows update will close and reopen.

When I clock install now, the network usage does go up, in a spike for a relatively brief moment, in task manager, so it is actually doing something. After a few more seconds, it just goes back to this red bar, and it has the Check for updates enabled.

The most recent check for updates says never. last update installed 15-12-2007. Note thought that two more updates for windows defender were installed on 22 of december 07 and jan 6.

1) Risk of no automatic updates detection occuring and being left vulnerable cause ya just didnt know V.S bad WUA patch being applied. Personally, I will take the later risk. If that doesnt sit well, turn it off competely or dont have WUA set to automatic startup and set it to manual start when you want to detect/possibly download/possibly install KNOWING that it may well update itself. It IS your computer, configure it as you like. Having said that, a setting for disabling this feature would be nice.

2) As for the ‘False’ windows patch, hmmm, if it isnt signed by MS, it wont get installed unless you have ‘allow trusted publisher signed content’ AND you have a package signed by the bad guy AND that bad guy’s signing certificate has been added to your Trusted Root Store AND Trusted Publisher store. If all that has happened, well, it wasnt your computer, it was the bad guys and there are much easier ways to own the machine. If they have somehow hacked the agent or replaced binaries, it isnt your computer. IMO, that is a configuration management issue.

3) Comparing Sony’s DRM rootkit fiasco to this is, IMO, a bit of a stretch. MS is trying to make sure that customers are kept up to date and protected from security vulnerabilities in their software. MS has actually made great efforts in how they build software to minimize these vulnerabilities. They are making good progress and doing more than most vendors. They didnt go find a rootkit manufacturer and knowingly put you at risk to make sure you pay for your fitty cent CD.

4) Nate has told you how it works, so this is clear and has stated the plan is to effectively communicate this. He also tried to tell you the reason behind the design decision. Personally, I think MS IS trying to do the right thing here in terms of disclosure.

The Windows Update infratructure is used by Windows Media Player and Windows Defender as well. You can disable updates Defender, but Media Player only allows "Once a day", "Once a week", and "Once a month" as settings. So you’ll get updates at least once a week, even with everything else disabled.

Thanks for the attempt at clearing things up, yet still you seem to miss the crucial aspect of this issue. you cite the reason

"Had we failed to update the service automatically, users would not have been able to successfully check for updates and, in turn, users would not have had updates … That result would not only [FAIL] to meet customer expectations but even worse, that result would lead users to believe that they were secure even though there was no installation and/or notification of upgrades"

So you are telling me that there is no possible way to notify people before the update, maybe in the form of a pre-update stating that windows update will be updated automatically.

The point is not what you fixed or why you updated, the point is the method in which you went about doing it.

You believe that sneakily updating your system is meeting customer expectations??

" In fact, WU has auto-updated itself many times in the past."

Thanks for that, just curious how many other windows files have been secretly updated in the past?

A letter of apology is required on this issue I believe, not only have you lost the trust of everyone using your OS, but you still have not apologized only justified. Intrusion into MY computer in an unacceptable practice.

Thank you for coming forward with an answer about this issue. It is appreciated.

However, you’re asking yourself the wrong questions, and thus coming up with the wrong answers.

You’re asking yourself what you think people are expecting from automatic updates, and then using your own biased preferences towards the full automatic update experience to flavour your answer.

The question you’re not asking yourself is "why do users choose to disable the automatic installation?" There are several answers, but the most common is probably "because Microsoft makes mistakes". Some recent examples, off the top of my head:

– the "human error" that borked Windows Genuine Advantage for a weekend

– KB937061, currently out on Windows Update, which will be re-installed indefinitely on anyone’s machine who has installed Visual Studio 2005 without Crystal Reports.

Should we expect Microsoft to be infallible? No, we shouldn’t. They are people after all. But choosing when to install items gives us the option to check the blogosphere for issues, avoid installing something during a critical project phase, etc etc. And by taking the liberty of installing items without asking, you are asserting that you are infallible. Which, obviously, you are not.

Automatically installing Windows Updates patches violates our trust. I can guarantee you that anyone that specifically chose to disable automatic installations would rather have to choose to install the new Windows Update patch, even if it meant missing out on further notifications until that was done.

God forbid the Windows Update system was compromised. A false "Windows Update" patch could be pushed to all systems that could install a rootkit, erase harddrives, etc etc etc. The Windows Update client, when the "don’t install with asking" option is selected, should not have the capability to install *anything* without asking.

I hope you update your policies in this regard. And then update your software so that consentless upgrades are not even technically possible.

In the meantime, I will be disabling automatic updates entirely on all my machines, and hoping that actually works as promised.

Well, then the only reasonable solution to this tirade, by your rationale is to raise the price of the Windows software so that you’re buying your own honest-to-God copy that you can do whatever you wish with – including modification, source code release, and hacking.

The legal system in the United States is far from logical. How can they legally keep Microsoft from modifiying the operating system that’s patented and copyrightedto their institution? That’s like me creating a new way to sell gas, but the American legal system saying that I have no right to change it at a later date.

Given that the legal system will probably never change and therefore start becoming an institution that sides on team of thought and reason, the only solution is the following:

If you don’t want Microsoft updating the software they have a legal right to update…don’t use it and stop complaining. The people that don’t care get really annoyed at all of this childish greedy nonsense.

Changing the contents of my HD when I have expressly forbidden it amounts to vandalism. This is the best argument for not running Windows I have ever read. Unfortunately, I have to run a MS box at work – but this nonsense will never be inside my home. Fedora FTW!

most people should have their automatic update function turned on and either set to update at a specific time, or to download the updates so they can install when they want or at shutdown.

I believe that most people would rather that the system just keep itself up to date without them worrying about it and for most people they will NEVER run into a problem doing this.

The alternative is pretty much that, if it’s not done automatically for them, most people will RARELY update their systems and you will have a plethora of unpatched systems out on the net available for hackers to use as they see fit, which is the current state of affairs today.

If you so against Microsoft and windows in general, then why don’t you keep your rude comments to yourself? and keep on using linux. If windows is so bad, what do you even have it installed in a vm? cant linux do everything windows can? or thats what most linux people say. and even if your saying well i need it for this and that.. then you must be a noob and never heard of such an application called whine? So whine it up joey.

Windows Updates is like a rogue handyman who bashes down the door of your house to fix your lock, just in case some other intruder might venture in. He even locks you out while he is working, because he’s sloppy and overweight and this is more important than that silly project you were working on.

And don’t bother putting up a no trespassing sign – the guy’s got your key – Turning him off just turns him on.

"The point of this explanation is not to suggest that we were as transparent as we could have been; to the contrary, people have told us that we should have been clearer on how Windows Update behaves when it updates itself. This is helpful and important feedback, and we are now looking at the best way to clarify WU’s behavior to customers so that they can more clearly understand how WU works."

Hey, guys? Today is Feb 17, 2009. It’s been nearly a year and a half, and as best I can tell, this issue remains unchanged. Unless I missed it (and I just spent the last half hour looking), there’s been no followup on this issue other than explanations similar to the above. No promise to change WU’s behavior or notify the user in any way when WU decides to notify itself.

If this isn’t addressed, then sooner or later you’ll have a repeat of the same negative PR you got back in 2007. That would not be good for MS!

I do not blog, but the Trust Issue and Microsoft pushing the envelope again by "pushing out" Windows Updates without the individual owners knowing or being informed of this is what I believe is a "major" trust issue that needs to be addressed by the appropriate parties.

Our Personal Computers are rightfully "OURS", not Microsoft’s, and by performing an action to “Our” computers without having any form of user notification on "OUR" personal computer, not yours, is a major issue of trust….along with what I believe legal issues.

I would also believe that corporations and medium to small companies, would also be concerned. What if this update caused issues with their IT operations and businesses systems? IT departments were not prepared or notified prior to these updates….

It is not like Microsoft has “not had” Patch issues before….2006 there was somewhere in the area of 6 bad patches I believe, and a few the year before…One of which caused issues and MS released a “Re-Patch” to address the Dial-Up functions of Windows Dialer. I had experience this while working for a large Italian automotive company here in the US, and behold the US government division that handles emission standards and compliance had also experience this issue on a large scale.

So with this issue and these words in mind, I believe Microsoft has some Public Relations matters to address, and believe this would be in their best interest to do so, while also changing their practices….in stealing a Microsoft common term, “Best Practices”.

To me, this matter puts Microsoft on the same “trust level” as the Spyware or Root Kits that that have been installed by publicly known companies software and hardware products, as with such companies as “Sony”.

Everyone ships buggy code. Adobe, Apple, Sun, Linux. Every company on the face of the planet that developers software ships buggy code and is required to update that code in some form or another.

How about the fact that Fireworks does not work properly in Vista because of Adobe’s lack of understanding of how the Windows Desktop Manager functions, and the fact that these issues have still not been corrected. This is buggy software.

How about the fact that iTunes will not burn media on Vista x64 because Apple’s CD burner driver will not function, and this issue has still not been corrected.

How about the fact that Java still does not work on several versions of Firefox under Windows Vista for the same reasons that Fireworks 9 does not function properly and that these several versions do not function properly.

The point is that Microsoft should not be singled out for releasing software. All software, regardless of the company who issues it will have some form of bug and/or shortcoming, and Microsoft is no different. In this situation, we must focus on which companies release updates for these bugs or updates in a timely manner and it seems to me that Microsoft is one of the few companies out of this list which does.

No software is perfect but I have been very impressed with XP and auto updates. I appreciate the ability to keep my system updated with little effort on my part and take advantage of most automatic update style features for XP, and also for other OSes and applications. In my opinion the small risk of getting a bad update is vastly outweighed by the risk of being behind the curve, since most updates improve stability or security.

Windows has some real assets and automatic update is one of them…just think that you might already know a lot about your pc, but there are tons out there who barely manage to turn it on! Automatic update for these fellow is essential, they know it’s good and will have nothing against getting updated.

In terms of whether it is good or not to have these automatic updates, as long as you surf on the net, this package is an essential one and helps your computer to survive after each day. Thanks for the article!

Nice topic and described in a beautiful way, updates are really important,Daily there are so many viruses and other security threats, you never know which can harm your computer your network and can steal your important data. Microsoft is uploading such patches, security updates, critical updates & service packs. All these updates are available through windows updates website.

got a article "why windows updates are important" on following link check this out:

You were paying for the RIGHT to USE the operating system. Which means the files and data contained therein still belong to Microsoft no matter where they are. Microsoft has a right as the legal owner of the files used by Windows on your computer to update them whenever it sees fit.

No offense.. wait I do intend offense, but all my XP copies are legal too, but I do NOT want them phoning home every damn day. God knows what info is being sent to them, and I do not approve of it. Also MS was completely deceptive in its advertising of WGA, and did not disclose the phoning home behavior.

I have choosen NOT to accept that patch and have turned off auto-update because of it. I might turn it back on when MS either removes it or labels it correctly. If Blizzard ever released a native WoW client, I could remove my windows partitions and go back to being a full time linux user again.

I run Linux. I’m not too worried about keeping my PC up to date unless I happen to lose my internet connection. And security? It’s a tough egg to crack, so I’m not too worried. And even if I was that worried, I could easily create a USB loading copy and do all my financial transactions that way.

I understand people want fewer choices, just like the dude who is asking for Windows Defneder updates to be installed automatically. I also understand that most people don't have the tech knowledge to make the right choice – which is why WinXP SP2 defaults to enabling the firewall.

I understand people want fewer choices, just like the dude who is asking for Windows Defneder updates to be installed automatically. I also understand that most people don't have the tech knowledge to make the right choice – which is why WinXP SP2 defaults to enabling the firewall.

I understand people want fewer choices, just like the dude who is asking for Windows Defneder updates to be installed automatically. I also understand that most people don't have the tech knowledge to make the right choice – which is why WinXP SP2 defaults to enabling the firewall.

I understand people want fewer choices, just like the dude who is asking for Windows Defneder updates to be installed automatically. I also understand that most people don't have the tech knowledge to make the right choice – which is why WinXP SP2 defaults to enabling the firewall.

I understand people want fewer choices, just like the dude who is asking for Windows Defneder updates to be installed automatically. I also understand that most people don't have the tech knowledge to make the right choice – which is why WinXP SP2 defaults to enabling the firewall.

I have taken my computer off automatic updates every single day. Every day I turn my laptop on the setting are changed back to automatic. Now that I have changed it back for me to choose it is still trying to update and restart. Idk what to do. Everytime it updates it messes up our wifi connection. Help me.

My complaint (and it is a complaint, I know): WU DOES NOT adhere to the schedule I have in place. I want every SUNDAY @ 3:00AM, yet invariably during the middle of the week my computer will become very sluggish and I know why. That hog WU is claiming too
much of my resources and sure enough, when I am in the middle of something it asks for a reboot. So I wait and wait and interrupt my day to watch x of x updates. OK – applied. Then minutes later it happens again. This is a common situation and I am insulted/hate
the way MS blatantly displays that red warning whenever I turn off automatic updates. Whose computer is this anyway? What it boils down to, really: MS wants control of your computer so that it can keep its DB updated (hardware/software changes) so that they
can "know" what it out there, etc. and who is using what and to be absolutely sure that every computer is truly licensed. That is major feature of the Malicious Software update. As they change their methods for verifying a computer (and change their software)
they need to be sure that each computer has the most up-to-date verification logic. And as part of that logic, they update MY hardware/software details on their systems. Yup Big Brother lives and breaths in Redmond, WA.

Wow, a lot of good reading. Me myself, I’m glad you allow me the chance to turn of auto update. I always thought you left on auto update for someone like Grandpa who has never really used a computer before. If it was left off, he would never get the fixes
he needs… But yea, I never liked it when I needed to use my computer in a hurry only to tell me, "do not shut down computer while updates are being installed!" But cool. Thanks for allowing me to read the KB articles before making any updates!

This IS BS….if my ADMIN SERVICES says, manual start. IT MEAN MANUAL START>>>DO NOT OVER-RIDE MY DECISION MICROSOFT.
And why do any number of Windows update attempts occur. Not only with WU. If I turn of WU it attempts to update using other net services. Which I then block. AND it chews through memory like crazy. Next I know i’m using 10 gigs of memory with this STUPID update attempt. This is all clearly illegal…and the End User Agreement is also illegal, as we are all under duress in making the agreement. What other choices do you have? That’s duress.